An increasing need for data exchange among different parties involved in a care cycle ranging from traditional healthcare via home healthcare to wellness services has made secure management of health data an important issue. Today's approaches are based on traditional security mechanisms complemented with physical and administrative procedures, limiting the availability of health information and making the exchange of health records cumbersome. Digital policy management and policy enforcement technologies outperform these approaches by offering (1) end-to-end privacy and security in heterogeneous networks, protecting the data independent of the infrastructure over which data travels or institutional boundaries; (2) cryptographic enforcement of role-based or attribute-based access control mechanisms; and (3) interoperable security architecture that allows developing systems in a network agnostic way, obviating the need for network-specific security provisions and hence reducing implementation and maintenance costs.
Another aspect of the data security is to provide non-repudiation of origin, so that the consumer of the data can verify the data origin. In daily life, digital signatures are used to provide non-repudiation. In these digital signatures schemes, a private (or secret) and public key pair is generated for each user, wherein the secret key can be used to sign a message while the public key can be used to verify a signature over the message. However, in a healthcare organization, attributes are usually used to determine the role and identity of the user, and access to data as well as authority to sign a message is granted based on user attributes. In a computer system made for such an organization, the user may create or modify and then sign data if and only if he/she has the appropriate set of attributes. Hence in healthcare, attributes are considered to be an important aspect of the data origin. For example, a pharmacy will accept a prescription order if it has been signed by a user with a specific role or attribute (e.g. a doctor). A digital signature scheme which allows signing a message or content as a user with a specific set of attributes is an attribute-based signature (ABS) scheme. Such an attribute-based signature scheme is described in Dalia Khader, “Attribute Based Group Signature with Revocation”, Cryptology ePrint Archive, Report 2007/241, 2007, http://eprint.iacr.org. The cited paper discloses an Attribute based group signature (ABGS) scheme in which a verifier has the capability to identify a revoked user and hence reject the signature if a user is revoked. The process of checking (or verifying) whether a user is revoked or not is done by the verification authority locally by going through a list of revoked users one-by-one. In an attribute-based signature (ABS) scheme, the data is signed according to an access structure, such that only users with the right attributes can sign the data. To be able to sign a message, a user gets from the trusted authority a specific private key that corresponds to the set of certified attributes he/she has. However, the disclosed attribute-based signature scheme provides limited support for revocation of users. In general, user revocation may be desirable, for example when the user's private key is compromised, or when the status of the user changes. For example, the user may change to another job, with other attributes associated therewith.